Below is an example of a social engineering financial scam that I received this morning, a variant of phishing. It makes use of compromised email accounts, counting on the fact that some recipients will recognize the sender's address and be willing to help. With a compromised computer, a hacker can now target all the email addresses in a contacts list, greatly raising the odds of a favorable response.
The scam starts with the probe of “urgent favor needed”. It seemed sketchy at best, but in this age of brevity on phones, and the email apparently being from a subscriber of mine, I responded with “Yes?”, thinking there was an outside chance that it was about needing advice on cameras/lenses or similar.
TIP: check your own email addresses and any suspicious ones at https://haveibeenpwned.com. However, accounts compromised individually (rather than in a mass compromise) might fail to show up as pwned.
The next step after my “yes?” was for the scammer to use a well-known social engineering manipulation tactic, the “fake because”, proven to be highly effective in social interactions.
As should be obvious, the resulting response is ridiculous on multiple fronts.
The next step, should you be suckered into it, is to be led down the garden path until you cough up a credit card, mail the gift card, or whatever.
Are you and I too smart to fall for this? Sure. But the elderly and some naive people do fall for this, some lose their life savings, and all it takes is 1 in 10,000 to make it highly profitable for the crooks doing it.